Is the talent shortage in IT impeding the fight against ransomware?

Security & GRCTalent Sourcing & Hiring
2k views1 Upvote3 Comments
Head of Enterprise & Solution Architecture, 1,001 - 5,000 employees
There is a lack of people who truly understand cybersecurity well, and only the largest companies can afford that top talent—even though they've been attacked as well, as we can see on the news. For smaller and medium-sized businesses (SMBs), it's very challenging. We hear about lots of ransomware attacks on government, local, and state agencies. Those agencies do not pay the most money; therefore, they don't attract the best talent. If you don't attract the best talent, your network, systems, and all your data is more vulnerable. Maybe that's making ransomware even more difficult to mitigate or at least minimize.
2
Founder and CIO, Self-employed
Having run IT teams in midsize companies, you can't have the best of everything, so that is a challenge. And if you happen to get top talent or you happen to train one up, they go somewhere else and then you're starting over. The question is, how do you buy top talent when you need them? Maybe the answer to that is to work with a cybersecurity firm and establish that relationship before you actually need them.
2
Director of IT in Software, 201 - 500 employees
I think one of the challenges is that nowadays we have half-baked Security professionals out there. Don't get me wrong, there are tons of great experienced folks, but as there is such a shortage in this profession we see many who become so-called Security Pros overnight by attending 6 weeks to few months college program, or converts from other professions, while there are successful stories, you see someone working as a bank clerk for 5 years and then realized that Security makes more money, went to the local college and passed Security +, and you hire him as Security Analyst, the poor guy does not know the difference between TCP and UDP and have no idea what VLAN is. How can you expect that he can protect the network or the system?

There is a shortage of good talent, the great talent is hired by big companies, and we have half-backed security admins that small to medium businesses can afford, so they hire what's available.

To be a good security admin you need to preferably be a good network or system admin before, you need to understand the underlying technology stack to be able to protect it.

The same story goes with higher-level positions, you have SAP consultants who realized that their profession is dying and went and got CISSP and then want to be CISOs. So yeah, ransomware will continue happening...

Content you might like

Which EDR has less false positives?

Security & GRCIT Strategy & RoadmapSecurity Strategy & Roadmap

crowd strike38%

sentinel one56%

carbon black5%

cynet0%


39 PARTICIPANTS
301 views

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
193 views1 Comment

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.31%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.52%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


351 PARTICIPANTS
9.2k views9 Upvotes1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
46.5k views133 Upvotes324 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
3.4k views5 Upvotes5 Comments